THE EDWARD SNOWDEN leaks left much of the world in shock. Even the most paranoid security freaks were astounded to learn about the scope of the surveillance apparatus that had been built by the NSA, along with its allies in the “Five Eyes” countries (the UK, Canada, New Zealand, and Australia).
The nontechnical world was most shocked by the revelation that the NSA was snaffling up such unthinkable mountains of everyday communications. In some countries, the NSA is actively recording every single cell-phone conversation, putting millions of indisputably innocent people under surveillance without even a hint of suspicion.
But in the tech world, the real showstopper was the news that the NSA and the UK’s spy agency, the GCHQ, had been spending $250 million a year on two programs of network and computer sabotage—BULLRUN, in the USA, and EDGEHILL, in the UK. Under these programs, technology companies are bribed, blackmailed, or tricked into introducing deliberate flaws into their products, so that spies can break into them and violate their users’ privacy. The NSA even sabotaged U.S. government agencies, such as the National Institute for Standards and Technology (NIST), a rock-ribbed expert body that produces straightforward engineering standards to make sure that our digital infrastructure doesn’t fall over. NIST was forced to recall one of its cryptographic standards after it became apparent that the NSA had infiltrated its process and deliberately weakened the standard—an act akin to deliberately ensuring that the standard for electrical wiring was faulty, so that you could start house fires in the homes of people you wanted to smoke out during armed standoffs.
The sabotage shocked so many technology experts because they understood that there was no such thing as a security flaw that could be exploited by “the good guys” alone. If you weaken the world’s computer security—the security of our planes and nuclear reactors, our artificial hearts and our thermostats, and, yes, our phones and our laptops, devices that are privy to our every secret—then no amount of gains in the War on Terror will balance out the costs we’ll all pay in vulnerability to crooks, creeps, spooks, thugs, perverts, voyeurs, and anyone else who independently discovers these deliberate flaws and turns them against targets of opportunity.
So where does all this tie in with the copyfight? The laws behind digital locks make it illegal to determine what your computer is doing. They make it illegal to stop your computer from doing things you don’t like. And they make it illegal to tell other people about what’s going on inside your computer.